RFR: 8264864: Multiple byte tag not supported by ASN.1 encoding [v3]

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Thu Apr 8 15:56:11 UTC 2021

On Thu, 8 Apr 2021 13:57:37 GMT, Weijun Wang <weijun at openjdk.org> wrote:

>> This code change does not intend to support multiple byte tags. Instead, it aims to fail more gracefully when such a tag is encountered. For `DerValue` constructors from an encoding (type I), an `IOException` will be thrown since it's already in the throws clause. For constructors from tag and value (type II), an `IllegalArgumentException` will be thrown. All existing type II callers inside JDK use tag numbers smaller than 31.
> Weijun Wang has updated the pull request incrementally with one additional commit since the last revision:
>   update exception wordings

Looks good to me, except a minor comment.

src/java.base/share/classes/sun/security/util/DerValue.java line 225:

> 223:     DerValue(byte tag, byte[] buffer, int start, int end, boolean allowBER) {
> 224:         if ((tag & 0x1f) == 0x1f) {
> 225:             throw new IllegalArgumentException("Tag number 31 is not supported");

As number 31 just means the tag is bigger than 31, is it more accurate to use "Tag number over 30 is not supported"?


Marked as reviewed by xuelei (Reviewer).

PR: https://git.openjdk.java.net/jdk/pull/3391
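
The two failure modes described in the pull request summary, as an added example that is not part of the original message or of the JDK patch: a decoder for untrusted encodings rejects a multiple byte tag with `IOException`, while an encoder taking a caller-supplied tag rejects it with `IllegalArgumentException`. The class name, method names, exception messages and sample bytes are hypothetical and constructed for illustration; only short-form lengths are handled.

```java
import java.io.IOException;

// Added illustration; names are hypothetical, this is not sun.security.util code.
public class DerTagCheckDemo {

    // Low five bits all set (0x1f) mark the high-tag-number form:
    // the tag number continues in the following bytes.
    static boolean isMultiByteTag(byte tag) {
        return (tag & 0x1f) == 0x1f;
    }

    // "Type II" style: the caller supplies tag and value, so a bad tag is a caller error.
    static byte[] encode(byte tag, byte[] value) {
        if (isMultiByteTag(tag)) {
            throw new IllegalArgumentException("multiple byte tag not supported");
        }
        if (value.length > 127) {
            throw new IllegalArgumentException("demo handles short-form lengths only");
        }
        byte[] out = new byte[2 + value.length];
        out[0] = tag;
        out[1] = (byte) value.length;
        System.arraycopy(value, 0, out, 2, value.length);
        return out;
    }

    // "Type I" style: the input is an untrusted encoding, so failures are IOExceptions.
    static byte[] decode(byte[] enc) throws IOException {
        if (enc.length < 2) throw new IOException("truncated header");
        if (isMultiByteTag(enc[0])) throw new IOException("multiple byte tag not supported");
        int len = enc[1] & 0xff;
        if (len > 127) throw new IOException("demo handles short-form lengths only");
        if (enc.length != 2 + len) throw new IOException("length does not match data");
        byte[] value = new byte[len];
        System.arraycopy(enc, 2, value, 0, len);
        return value;
    }

    public static void main(String[] args) throws IOException {
        // Constructed samples: INTEGER 5, and a context tag in high-tag-number form (0x9f 0x1f).
        byte[] ok = {0x02, 0x01, 0x05};
        byte[] multi = {(byte) 0x9f, 0x1f, 0x01, 0x05};
        System.out.println("value length: " + decode(ok).length);
        try { decode(multi); } catch (IOException e) { System.out.println("decode: " + e.getMessage()); }
        try { encode((byte) 0x1f, new byte[0]); }
        catch (IllegalArgumentException e) { System.out.println("encode: " + e.getMessage()); }
    }
}
```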
